OpRisk Europe 2011 – now in its 13th year, commenced today at the historic Waldorf Hotel in the West End of London. Somewhat ironic that the risk management conference is taking place in the stylish hotel whose interior is said to have inspired the designers of the “unsinkable” Titanic – a classic case study on risk management.

In one breakout session, Andrew Sheen of the FSA’s risk frameworks and governance team discussed recent developments from the BIS and their impact on operational risk. Citing updates to the “Sound Practices for the Management of Operational Risk” paper recently updated by the BIS Committee, Sheen emphasized several key considerations for the board of directors and senior management team. In particular, he emphasized the need for the board to set the tone at the top in order to promote a strong risk management culture and that banks should “develop, implement and maintain an operational risk management framework that is fully integrated into the banks overall risk management processes.” He also provided guidance for senior management. In particular, he noted that senior management should:

“Develop for approval by the board a clear, effective and robust governance structure

Be held responsible for implementing policies, processes and systems for managing operational risk and ones that are consistent with risk appetite and tolerance

Implement an approval process for all new prods, activities, processes and systems that fully assesses operational risk, and;

If you’re involved with compliance, you must know that the SEC issued its final rules on whisleblowing. The original proposal was hugely contentious, with serious concern that employees will bypass companies’ internal reporting channels established as part of comprehensive compliance programs instituted and enhanced over recent years, and instead run directly to the SEC for a lottery-size payday.

The SEC’s director of enforcement initially had said that the agency will be “mindful of competing interests” as it shapes regulations around the new law.” Well, there are changes from the proposed rules to the final, but compliance officers and their companies are disappointed, understandably so. Unfortunately, as with the proposed rules, reporting first internally is not required. Among the changes are provision for employees to report internally and then within 120 days (rather than the proposed 90 days) go to the SEC and still maintain a “place in line” for a major payday by the regulator. Also, certain specified personnel are excluded from being paid by the government, generally including lawyers, auditors and compliance personnel, and those themselves involved in the misconduct – although there are exceptions to the exceptions. And interestingly, when a whistleblower reports to the SEC, related information subsequently provided by the company to the SEC is attributed to the whistleblower. Officials from the Association of Corporate Counsel have said the rule will result in “gutting” compliance systems, and the U.S. Chamber of Commerce continues to be up in arms. Two of the five commissioners voted against the final rule, which passed in a 3-2 vote. In a survey of directors, 67% said this is the most detrimental part of Dodd-Frank.

Suffice it to say here that the modifications from the proposed rules to the final are such that compliance and other corporate officers continue to believe their past efforts in establishing internal whistleblower protocols are being undermined, and they will need to work hard and be creative in encouraging employees to work within internal reporting systems. One law firm says the best line of defense is to have robust internal compliance and audit procedures designed to proactively uncover potential wrongdoing and, where misconduct is found, to promptly address and remediate it aggressively before a whistleblower surfaces. Easy to say, challenging to do. Clearly, there’s a lot of work ahead for compliance officers, general counsels and their colleagues.

Tags

A tag is a keyword you assign to make a blog or blog content easier to find. Click a tag to find content that has been assigned that keyword. Click another tag to refine the search further. Click Find a tag to search for a tag that is not displayed in the collection.